package com.predic8.membrane.core.interceptor.apimanagement;

import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.core.JsonGenerator;
import com.predic8.membrane.annot.MCAttribute;
import com.predic8.membrane.annot.MCChildElement;
import com.predic8.membrane.annot.MCElement;
import com.predic8.membrane.core.Router;
import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.http.Response;
import com.predic8.membrane.core.interceptor.AbstractInterceptor;
import com.predic8.membrane.core.interceptor.Interceptor;
import com.predic8.membrane.core.interceptor.Outcome;
import com.predic8.membrane.core.interceptor.administration.AdminConsoleInterceptor;
import com.predic8.membrane.core.interceptor.apimanagement.apiconfig.ApiConfig;
import com.predic8.membrane.core.interceptor.apimanagement.apiconfig.EtcdRegistryApiConfig;
import com.predic8.membrane.core.interceptor.apimanagement.apiconfig.SimpleApiConfig;
import com.predic8.membrane.core.interceptor.apimanagement.policy.Policy;
import com.predic8.membrane.core.interceptor.apimanagement.quota.AMQuota;
import com.predic8.membrane.core.interceptor.apimanagement.rateLimiter.AMRateLimiter;
import com.predic8.membrane.core.interceptor.apimanagement.statistics.AMStatisticsCollector;
import com.predic8.membrane.core.rules.AbstractServiceProxy;
import com.predic8.membrane.core.rules.Rule;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@MCElement(name = "apiManagement")
/* loaded from: input_file:lib/service-proxy-core-4.5.0.jar:com/predic8/membrane/core/interceptor/apimanagement/ApiManagementInterceptor.class */
public class ApiManagementInterceptor extends AbstractInterceptor {
    public static final String APPLICATION_JSON = "application/json";
    private static Logger log = LoggerFactory.getLogger((Class<?>) ApiManagementInterceptor.class);
    private ApiConfig apiConfig;
    private AMStatisticsCollector amStatisticsCollector;
    private AMRateLimiter amRateLimiter = null;
    private AMQuota amQuota = null;
    private ApiManagementConfiguration apiManagementConfiguration = null;
    private String config = "api.yaml";
    private ApiKeyRetriever apiKeyRetriever = new HeaderKeyRetriever();

    @Override // com.predic8.membrane.core.interceptor.AbstractInterceptor, com.predic8.membrane.core.interceptor.Interceptor
    public void init(Router router) throws Exception {
        super.init(router);
        Map beansOfType = router.getBeanFactory().getBeansOfType(ApiConfig.class);
        String correctedName = getCorrectedName(EtcdRegistryApiConfig.class.getSimpleName());
        String correctedName2 = getCorrectedName(SimpleApiConfig.class.getSimpleName());
        if (beansOfType.containsKey(correctedName)) {
            this.apiConfig = (ApiConfig) beansOfType.get(correctedName);
        } else if (beansOfType.containsKey(correctedName2)) {
            this.apiConfig = (ApiConfig) beansOfType.get(correctedName2);
        }
        if (this.apiConfig != null) {
            log.info("used apiConfig: " + this.apiConfig.getClass().getSimpleName());
            this.apiManagementConfiguration = this.apiConfig.getConfiguration();
        } else {
            log.info("No ApiConfig set. Using default");
            this.apiManagementConfiguration = new ApiManagementConfiguration(router.getBaseLocation(), this.config);
        }
        addInterceptors();
    }

    private void addInterceptors() {
        StringBuilder sb = new StringBuilder();
        sb.append("Api Management Interceptor");
        ArrayList arrayList = new ArrayList();
        sb.append(" { ");
        if (this.amRateLimiter != null) {
            this.amRateLimiter.setAmc(this.apiManagementConfiguration);
            arrayList.add("RateLimiter");
        }
        if (this.amQuota != null) {
            this.amQuota.setAmc(this.apiManagementConfiguration);
            arrayList.add("Quota");
        }
        arrayList.add("Statistics");
        if (arrayList.size() > 0) {
            sb.append((String) arrayList.get(0));
            for (int i = 1; i < arrayList.size(); i++) {
                sb.append(", ").append((String) arrayList.get(i));
            }
        }
        sb.append(" }");
        this.name = sb.toString();
    }

    private String getCorrectedName(String str) {
        return str.substring(0, 1).toLowerCase() + str.substring(1);
    }

    @Override // com.predic8.membrane.core.interceptor.AbstractInterceptor, com.predic8.membrane.core.interceptor.Interceptor
    public Outcome handleRequest(Exchange exchange) throws Exception {
        return getAmStatisticsCollector() != null ? getAmStatisticsCollector().handleRequest(exchange, handleRequest2(exchange)) : handleRequest2(exchange);
    }

    private Outcome handleRequest2(Exchange exchange) throws Exception {
        String andRemoveKey = getAndRemoveKey(exchange);
        if (andRemoveKey == null || !this.apiManagementConfiguration.getKeys().containsKey(andRemoveKey) || isAdminConsoleCall(exchange)) {
            return processUnauthorizedRequest(exchange);
        }
        exchange.setProperty(Exchange.API_KEY, andRemoveKey);
        AuthorizationResult authorization = getAuthorization(exchange, andRemoveKey);
        if (authorization.isAuthorized()) {
            return processAuthorizedRequest(exchange);
        }
        setResponsePolicyDenied(exchange, authorization);
        return Outcome.RETURN;
    }

    private boolean keyExists(String str) {
        return this.apiManagementConfiguration.getKeys().containsKey(str);
    }

    private Outcome processAuthorizedRequest(Exchange exchange) throws Exception {
        return (getAmRateLimiter() == null || getAmRateLimiter().handleRequest(exchange) != Outcome.RETURN) ? (getAmQuota() == null || getAmQuota().handleRequest(exchange) != Outcome.RETURN) ? Outcome.CONTINUE : Outcome.RETURN : Outcome.RETURN;
    }

    private Outcome processUnauthorizedRequest(Exchange exchange) throws Exception {
        String remoteAddrIp = exchange.getRemoteAddrIp();
        exchange.setProperty(Exchange.API_KEY, remoteAddrIp);
        this.apiManagementConfiguration.addIpAsApiKeyIfNeeded(remoteAddrIp);
        if (isAdminConsoleCall(exchange)) {
            return Outcome.CONTINUE;
        }
        if (hasUnauthorizedPolicy(exchange)) {
            return processAuthorizedRequest(exchange);
        }
        setResponseNoAuthKey(exchange);
        return Outcome.RETURN;
    }

    private String getAndRemoveKey(Exchange exchange) {
        String key = this.apiKeyRetriever.getKey(exchange);
        this.apiKeyRetriever.removeKey(exchange);
        return key;
    }

    private boolean isAdminConsoleCall(Exchange exchange) {
        for (Rule rule : this.router.getRuleManager().getRules()) {
            if (rule instanceof AbstractServiceProxy) {
                for (Interceptor interceptor : rule.getInterceptors()) {
                    if (interceptor instanceof AdminConsoleInterceptor) {
                        Iterator<Interceptor> it = exchange.getRule().getInterceptors().iterator();
                        while (it.hasNext()) {
                            if (it.next() == interceptor) {
                                return true;
                            }
                        }
                    }
                }
            }
        }
        return false;
    }

    @Override // com.predic8.membrane.core.interceptor.AbstractInterceptor, com.predic8.membrane.core.interceptor.Interceptor
    public Outcome handleResponse(Exchange exchange) throws Exception {
        return getAmStatisticsCollector() != null ? getAmStatisticsCollector().handleResponse(exchange, handleResponse2(exchange)) : handleResponse2(exchange);
    }

    private Outcome handleResponse2(Exchange exchange) {
        if (!hasUnauthorizedPolicy(exchange) && !isAdminConsoleCall(exchange) && getAmQuota() != null) {
            getAmQuota().handleResponse(exchange);
        }
        return Outcome.CONTINUE;
    }

    private boolean hasUnauthorizedPolicy(Exchange exchange) {
        String name = exchange.getRule().getName();
        for (Policy policy : this.apiManagementConfiguration.getPolicies().values()) {
            if (policy.getServiceProxies().contains(name) && policy.isUnauthenticated()) {
                return true;
            }
        }
        return false;
    }

    public AuthorizationResult getAuthorization(Exchange exchange, String str) {
        if (!keyExists(str)) {
            return AuthorizationResult.getAuthorizedFalse("API key not found");
        }
        if (keyIsExpired(str)) {
            return AuthorizationResult.getAuthorizedFalse("API key expired");
        }
        Iterator<Policy> it = getKey(str).getPolicies().iterator();
        while (it.hasNext()) {
            if (it.next().getServiceProxies().contains(exchange.getRule().getName())) {
                return AuthorizationResult.getAuthorizedTrue();
            }
        }
        return AuthorizationResult.getAuthorizedFalse("Service not available: " + exchange.getRule().getName());
    }

    private boolean keyIsExpired(String str) {
        return getKey(str).getExpiration() != null && getKey(str).getExpiration().isBefore(Instant.now());
    }

    private Key getKey(String str) {
        return this.apiManagementConfiguration.getKeys().get(str);
    }

    private byte[] buildJsonErrorMessage(Response response) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            JsonGenerator createGenerator = new JsonFactory().createGenerator(byteArrayOutputStream);
            createGenerator.writeStartObject();
            createGenerator.writeObjectField("Statuscode", Integer.valueOf(response.getStatusCode()));
            createGenerator.writeObjectField("Message", response.getStatusMessage());
            createGenerator.writeEndObject();
            createGenerator.close();
        } catch (IOException e) {
            e.printStackTrace();
        }
        return byteArrayOutputStream.toByteArray();
    }

    private void setResponsePolicyDenied(Exchange exchange, AuthorizationResult authorizationResult) {
        setErrorResponse(exchange, Response.badRequest(authorizationResult.getReason()));
    }

    private void setResponseNoAuthKey(Exchange exchange) {
        setErrorResponse(exchange, Response.unauthorized());
    }

    private void setErrorResponse(Exchange exchange, Response.ResponseBuilder responseBuilder) {
        Response build = responseBuilder.contentType("application/json").build();
        build.setBodyContent(buildJsonErrorMessage(build));
        exchange.setResponse(build);
    }

    public AMRateLimiter getAmRateLimiter() {
        return this.amRateLimiter;
    }

    @MCChildElement(order = 0)
    public void setAmRateLimiter(AMRateLimiter aMRateLimiter) {
        this.amRateLimiter = aMRateLimiter;
    }

    public AMQuota getAmQuota() {
        return this.amQuota;
    }

    @MCChildElement(order = 1)
    public void setAmQuota(AMQuota aMQuota) {
        this.amQuota = aMQuota;
    }

    public String getConfig() {
        return this.config;
    }

    @MCAttribute
    public void setConfig(String str) {
        this.config = str;
    }

    public AMStatisticsCollector getAmStatisticsCollector() {
        return this.amStatisticsCollector;
    }

    @MCChildElement(order = 2)
    public void setAmStatisticsCollector(AMStatisticsCollector aMStatisticsCollector) {
        this.amStatisticsCollector = aMStatisticsCollector;
    }
}
